A web portal is a software tool that collects or aggregates information from web content suppliers and presents the combined information on a web-page or web site. A typical portal enables a user to specify (a) desired information categories (e.g. news, sport scores, weather forecasts, market figures etc.), (b) desired content suppliers (e.g. Reuters, the Weather Channel etc.) for the selected information categories, and (c) a format in which data gathered from the selected content suppliers is to be displayed. A typical portal also (i) gathers required data from selected content suppliers, (ii) constructs a front-end user-interface which integrates and formats the gathered data in accordance with the user's specifications, (iii) optionally notifies the user of the collated data, and (iv) enables the user to access the collated data through a front-end user-interface. With these functions, and others, portals provide a convenient and time-effective mechanism for users to view up-to-date information from a wide variety of content suppliers without having to visit multiple, different web sites to obtain the desired information.
If a portal receives data from content suppliers in clear text form, the portal can readily collate it, and format the data for a user in accordance with format specifications of the user. If the portal receives data from a secure content supplier in encrypted form (or otherwise unavailable in clear text form), the portal decrypts the data, and formats the data in accordance with a user's format specifications.
Transmissions of secure information to and from portals are typically conducted through two independent SSL tunnels wherein the first tunnel exists between the user and the portal and the second tunnel exists between the portal and the content supplier. A content supplier encrypts confidential information and transmits the resulting data to the portal through the second SSL channel. The portal then decrypts and re-encrypts the data before transmitting it to the user through the first SSL tunnel. Thus, the security systems employed by traditional portals do not provide complete end-to-end security because a portal accesses the confidential data passing wherethrough to decrypt and re-encrypt the data for subsequent transmission to the user. Consequently, users are often reluctant to allow such systems to collate and display sensitive information (e.g. personal banking details, utility billing information and personal e-mails) for fear that the information could be traced or accessed by a malicious or unauthorised user. Another problem with the security systems employed in traditional portals is that they may require the user to provide a password to the portal and desired secure content supplier.
Existing end-to-end secure systems for secure content suppliers (e.g. on-line banking systems) typically require users to install specifically dedicated programs on their machines before a user can obtain information from any of the secure content suppliers. Any of these programs employs the secure socket layer (SSL) protocol to connect a user's machine to a secure content supplier (e.g. bank) and obtain the required sensitive information (e.g. banking information). However, existing end-to-end secure systems do not provide the remote data collating and formatting operations of a portal. Because a portal cannot access confidential information from a secure content supplier, if a user wishes to view confidential information from a number of different secure content suppliers (for example a number of different banks or utility companies etc.) the user separately visits the web-sites of each and every supplier. Moreover, because information obtained from any secure content supplier is typically formatted in accordance with the supplier's own specifications, a user has little or no control over the format in which the information is presented to the user. In addition, if a user visits a number of different secure content suppliers, the user will received confidential information in different formats.